This was reported months ago in the news, no real threat as Francois said. EV certs are used for "extended validation" that means the company that is issued the cert is further investigated and confirmed to be trustworthy. This cert also turns the URL bar green in IE.
Really nothing but a BIG rip off by the issuers of the certs. These certs cost a lot more than normal certs. -----Original Message----- From: twsocket-boun...@elists.org [mailto:twsocket-boun...@elists.org] On Behalf Of Arno Garrels Sent: Thursday, July 23, 2009 3:15 AM To: ICS support mailing Subject: Re: [twsocket] OT: SSL is now cracked by researchers! Fastream Technologies wrote: > Hello, > > Glad that it interested you..! Anyway, I wonder if ICS TSslHttpCli > uses EV SSL certs and whether it is vulnerable. Never heard of EV certificates. As I read the article it's some kind of "man in the middle" attack downgrading a secure to a plain text connection and spoofing some security indicators like the yellow lock icon in browsers. Detecting "man in the middle" attacks is possible with ICS-SSL however not a built-in feature. The application developer is responsible to handle this properly. Method PostConnectionCheck() provides easy detection of such attacks, have look at the HTTP client demo. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be __________ Information from ESET Smart Security, version of virus signature database 4269 (20090723) __________ The message was checked by ESET Smart Security. http://www.eset.com __________ Information from ESET Smart Security, version of virus signature database 4269 (20090723) __________ The message was checked by ESET Smart Security. http://www.eset.com -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
